Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 06:43
Static task
static1
- 1 signatures

Behavioral task
behavioral1
- Sample: 2c0e9575f1186116dcde1b2b7e09df19.exe
- Resource: win7-20231129-en
- 2 signatures
- 150 seconds

Behavioral task
behavioral2
- Sample: 2c0e9575f1186116dcde1b2b7e09df19.exe
- Resource: win10v2004-20231222-en
- 1 signatures
- 150 seconds
General
- Target: 2c0e9575f1186116dcde1b2b7e09df19.exe
- Size: 640KB
- MD5: 2c0e9575f1186116dcde1b2b7e09df19
- SHA1: ff6775e7c3359970b8ba5152b4cd0b9f84eed5dd
- SHA256: 9dfc8200ae12f1596e594ae7f8186f9cf76a10a8614b39db6f7c3440ee1816c8
- SHA512: f064f3f76e2a25c01b9a0dc979db0f7171d7ab82e01a24c50948cedab46b9b3bbd43414afe548fa8065966f9b46c9788a4f6ab853b056aa9f99fff102849c174
- SSDEEP: 12288:hF0PH6qZGkVcSk4iSfZSyN0KeRvDghzmLA8/EEa6KiU+bOLK4Cag19hMhotab0fW:rsxqS9e6E8WpaliU+bgK44JC0fW

Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
|---|---|---|---|
| 1124 | 2092 | WerFault.exe | 1 |

Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 2092 wrote to memory of 1124 | 2092 | 2c0e9575f1186116dcde1b2b7e09df19.exe | 16 |
| PID 2092 wrote to memory of 1124 | 2092 | 2c0e9575f1186116dcde1b2b7e09df19.exe | 16 |
| PID 2092 wrote to memory of 1124 | 2092 | 2c0e9575f1186116dcde1b2b7e09df19.exe | 16 |
| PID 2092 wrote to memory of 1124 | 2092 | 2c0e9575f1186116dcde1b2b7e09df19.exe | 16 |
Processes
- C:\Users\Admin\AppData\Local\Temp\2c0e9575f1186116dcde1b2b7e09df19.exe (PID: 2092)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2c0e9575f1186116dcde1b2b7e09df19.exe"
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (PID: 1124)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 200
    Signature: Program crash